Is it feasible to remotely encrypt the hard drive of a virtual server (VPS, cloud server like EC2)? This would help to protect the contents of the hard drive from snooping by the host or as a result of a security hole, but has some issues:

The password has to be entered on startup. Remotely, is this even possible?

Could the host simply snoop on the password as it is entered?

Do VPSes provide block-level access to the machine, or just file-level? Is encryption even possible?

The host (or a judge/policeman/man-with-a-gun telling them what to do) is ultimately in control of the hardware; could they simply examine the memory as the machine runs (similar to a cold boot attack without powering off the machine)?

With these concerns in mind, is encrypting a server with sensitive data simply security theatre, or can it provide real security over an unencrypted drive?

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
If this question can be reworded to fit the rules in the help center, please edit the question.

I did not downvote; however, this is somewhat analogous to asking "should I buy a truck or a car?" We don't know why you want to encrypt, what your system IO performance requirements are, or any of the other random environmental factors unique to your situation that contribute
–
Mike Pennington, Jul 17 '12 at 3:36

@ErikA it's a question that does not have one definite answer, but what's wrong with nuanced answers that address particular cases?
–
Tom Marthenal, Jul 17 '12 at 3:36

It's completely subjective. SF exists to collect and facilitate questions that have objective answers - it's not a discussion forum. There's nothing wrong with this topic per se, and I could see it being a very interesting conversation on say, a listserv or forum. It's just not appropriate for this venue.
–
EEAA, Jul 17 '12 at 3:38


If you are that worried about security and encryption, you need to look at your business and ask if "hosted services" is right for it; if you're that worried, self-host.
–
t1nt1n, Jul 17 '12 at 5:59

2 Answers

The password has to be entered on startup. Remotely, is this even possible?

Sure, if you have some sort of console over IP (e.g. Linode's console).

Could the host simply snoop on the password as it is entered?

Well, yes.

Do VPSes provide block-level access to the machine, or just file-level? Is encryption even possible?

The OS requires block-level access, even if it's only virtualized.

The host (or a judge/policeman/man-with-a-gun telling them what to do) is ultimately in control of the hardware; could they simply examine the memory as the machine runs (similar to a cold boot attack without powering off the machine)?

Sure. It's very feasible to suspend a guest to disk and then pick through it with a hex editor afterwards.

With these concerns in mind, is encrypting a server with sensitive data simply security theatre, or can it provide real security over an unencrypted drive?

It makes some sense if you have control over the hardware; when someone else controls the hardware there's little point in it unless you trust that the host doesn't really want to look at it (since they could easily buy the proper expertise if they really wanted to).

Yes, of course, but you need enough CPU quota to handle the I/O, you will have plenty of overhead, and your RAM can still be dumped from the host machine.

If you host sensitive information there, e.g. keys, then in case the VPS company is hacked and they gain access to the host machine, or to your account, they can dump the image but cannot mount it. Also, for dumping RAM they would have to breach the host machine, which is beyond the control panel and image access.

So yes, the encryption protects your VPS / Cloud image to some reasonable degree, in that in case of a control panel breach, or a breach of your VPS account, they won't be able to access your data.

You would still have to enter the password during boot, and you would somewhat have to be sure that you run an unmodified kernel during this, as they can mount your /boot. But still you would notice, as the machine would have to be prematurely shut down, so if you handle startups properly it should be no problem.
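The caveat above is that /boot (kernel, initramfs, bootloader config) has to stay unencrypted so the guest can boot to the passphrase prompt, so anyone with image access can modify it. One practical check a defender can add is to keep a manifest of hashes for /boot on the encrypted root and compare against it after every unlock. The script below is an added example, not code from this answer or from any distribution; the directory to check and the manifest location are arguments that default to the assumed paths `/boot` and `/var/lib/boot-manifest.json`.

```python
"""Integrity check for an unencrypted /boot partition on an encrypted-root VPS.

Run once after installation to record a baseline (the manifest lives on the
encrypted root, so an attacker with image access cannot silently update it),
then run again on every boot after the root is unlocked. Any difference means
the cleartext boot files changed while you were not looking.

This detects tampering after the fact; it cannot prevent it, and a host that
controls the hardware can still read guest memory.
"""
import hashlib
import json
import os
import sys
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB chunks so large initramfs images do not load whole


def hash_file(path: Path) -> str:
    """SHA-256 of a regular file, streamed."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative path) to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked directories
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # symlinks are skipped; their targets are hashed under their own path
            manifest[str(p.relative_to(root))] = hash_file(p)
    return manifest


def save_manifest(manifest: dict, dest: Path) -> None:
    dest.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(src: Path) -> dict:
    return json.loads(src.read_text())


def verify(root: Path, baseline: dict) -> dict:
    """Compare the current tree against the baseline and report every difference."""
    current = build_manifest(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "removed": sorted(f for f in baseline if f not in current),
        "added": sorted(f for f in current if f not in baseline),
    }


def is_clean(report: dict) -> bool:
    """True when no file was modified, removed or added."""
    return not any(report.values())


if __name__ == "__main__":
    # Assumed defaults: /boot is the unencrypted partition, the manifest sits on the encrypted root.
    boot = Path(sys.argv[1] if len(sys.argv) > 1 else "/boot")
    manifest_path = Path(sys.argv[2] if len(sys.argv) > 2 else "/var/lib/boot-manifest.json")
    if not manifest_path.exists():
        save_manifest(build_manifest(boot), manifest_path)
        print(f"baseline written to {manifest_path}")
    else:
        report = verify(boot, load_manifest(manifest_path))
        if is_clean(report):
            print(f"{boot} matches baseline")
        else:
            print(f"WARNING: {boot} differs from baseline:\n{json.dumps(report, indent=2)}")
            sys.exit(1)
```

Rebuild the baseline deliberately after every kernel or bootloader update, otherwise the next boot will report those legitimate changes as tampering; an unexpected difference, combined with the unexplained reboot the answer mentions, is the signal to treat the guest as compromised.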

"... and they gain access to the host machine ..." "... they would have to breach the host machine ..." Which one is it?
–
Ignacio Vazquez-Abrams, Jul 17 '12 at 7:35

This is the machine on which the VPS is installed, i.e. the physical machine. Access to this machine is not granted by the web panel that you and the VPS provider's support usually have access to, and it would still not grant perfect access to your data, but only to your RAM at any given moment. So if somebody hacks your e.g. email, he won't download your image via the cloud provider; still, any kernel exploit can do the job too, but for VPS / Cloud, encryption is better than nothing. I am just installing one set so I'll encrypt the sensitive ones too. I use stock CentOS.
–
Andrew Smith, Jul 17 '12 at 7:39

It's like: Host is the bare metal and Guest is your VPS instance.
–
Andrew Smith, Jul 17 '12 at 7:39